PHP Remote File Inclusion Vulnerability in StylemixThemes Motors - Events
CVE-2025-47586

9CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
6 June 2025

What is CVE-2025-47586?

A vulnerability exists in the Motors - Events plugin by StylemixThemes that allows for local file inclusion through improper control of the filename for include/require statements in PHP. This issue could allow unauthorized users to execute local files, potentially compromising the integrity of the web application and exposing sensitive data. The affected versions are from n/a through 1.4.7.

Affected Version(s)

Motors - Events <= 1.4.7

References

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.